Isaca: The Recognized Global Leader in IT Governance, Control, Security and Assurance
Chapter 2
IT Governance
Course Agenda
• Learning Objectives
• Discuss Task and Knowledge Statements
• Discuss specific topics within the chapter
• Case studies
• Sample questions
Exam Relevance
Scope
Enterprise Model
Systems Model
Technology Model
Detailed Representation
2.3.5 Enterprise Architecture (continued)
• High-level documents
• Represent the corporate philosophy of an organization
• Must be clear and concise to be effective
2.5.1 Policies (continued)
• Qualitative
• Semiquantitative
• Quantitative
– Probability and expectancy
– Annual loss expectancy method
2.6.3 Risk Analysis Methods (continued)
• Hiring
• Employee handbook
• Promotion policies
• Training
• Scheduling and time reporting
• Employee performance evaluations
• Required vacations
• Termination policies
2.7.2 Sourcing Practices
Possible advantages:
• Commercial outsourcing companies likely to devote more time and focus more efficiently on a given project than in-house staff
• Outsourcing vendors likely to have more experience with a wider array of problems, issues and techniques
Possible disadvantages:
• Costs exceeding customer expectations
• Loss of internal IS experience
• Loss of control over IS
• Vendor failure
2.7.2 Sourcing Practices (continued)
Governance in outsourcing
• Mechanism that allows organizations to transfer the delivery of services to third parties
• Accountability remains with the management of the client organization
• Transparency and ownership of the decision-making process must reside within the purview of the client
2.7.2 Sourcing Practices (continued)
• Data management
• Quality assurance manager
• Vendor and outsourcer management
• Operations manager
2.8.1 IS Roles and Responsibilities (continued)
• Control group
• Media management
• Data entry
• Systems administration
2.8.1 IS Roles and Responsibilities (continued)
• Security administration
• Quality assurance
• Database administration
2.8.1 IS Roles and Responsibilities (continued)
• Systems analyst
• Security architect
• Applications development and maintenance
• Infrastructure development and maintenance
• Network management
2.8.2 Segregation of Duties Within IS